Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

DHS Issues Proposed Regulations for Real ID Act

In a surprise move, the Department suggests using bar code technology rather than RFID on driver's licenses.

After a rising tide of concern over the security, privacy and monetary implications of the Department of Homeland Securitys Real ID Act, the Department has handed down proposed regulations that drastically alter its original intent.

The proposed regulations, handed down March 1 by DHS Secretary Michael Chertoff, suggest using machine-readable bar code technology rather than RFID (radio-frequency identification), as had been anticipated, and called for states to implement (or upgrade) a database to hold documentation information, but stipulated that the government will not require states to integrate with a national database.

"I always want to dispel the notion that the Real ID Act or our standards mandates anything like a Big Brother kind of database or style of government," said Chertoff. "We at the Department of Homeland Security in the federal government will not build, will not own, and will not operate any central database containing personal information. The data will continue to be held at the state level as it has traditionally been since they began to issue drivers licenses. And by improving the quality of the documents, were going to make it very, very much harder for people to forge them, counterfeit them, or alter them."

Chertoff also extended the date states have to comply with the Act from May 11, 2008, to a "phase-in period" through May 2013.

The Act, as it was initially proposed in 2005, would have each state implementing a database to hold digital images of citizen documentation—birth certificate, social security number, W-2 form, passport, and utility bill, for example—and share that information with other states, countries and the federal government through a national database. It also called for the implementation of machine-readable technology—the front runner for which was RFID, a technology that has a lot of security and privacy advocates up in arms given its inherent risks.

What DHS proposed instead is the use of bar code technology on drivers licenses. The regulation would require each states license to have on its face space available for 39 characters for full legal name, address, digital photograph, gender, date of birth, signature, document number and machine-readable technology. That boils down to the use of 2-D bar codes already used by 45 states and the District of Columbia, according to Chertoff, who said, "DHS leans toward encrypting the data on the bar code as a privacy protection and requests comments on how to proceed given operational considerations."

Heres where the proposed regulations get tricky. While DHS doesnt require states to include the use of RFID or biometrics—face or iris scans, for example—it isnt eschewing those practices either.

"States may independently choose to implement biometrics into their drivers license process," said Chertoff. "[DHS] does not require a State to collect fingerprints, iris images, or other biometric data in connection with obtaining a license and has no plans to serve as a repository for the face images the states will collect."

The fear of many Real ID Act opponents, particularly Rep. Jim Guest, a Missouri Republican who is leading a 38-state rebellion against the Act, is that even watered—down regulations, once enacted, can be changed to include stronger requirements.

"My concern is that even if [DHS] waters [the Act] down a bit they will try and accomplish what they want with some other legislation," said Guest, who advocates a repeal of the Act. "Homeland Security has total control, with no judicial or legislative control over this. Once they issue this, there is no way of stopping them."

Chertoff, in his public comments, said that the implementation of the Real ID Acts actual technology boils down to common sense.

"Now heres how these standards are going to work. Its very simple and its really a matter of common sense," said Chertoff, during a March 1 press conference. "Applicants are going to need to bring documents to their state Department of Motor Vehicles offices in order to validate or prove five things: who they are, what their date of birth is, what their legal status is in the United States, their social security number, and their address. None of this stuff is top-secret stuff."

Many states, however, have said they cannot afford the potentially millions of dollars it will take to implement the extra technology mandated by the Act. DHS said yesterday that up to 20 percent of the states Homeland Security Grant Program funds can be used to help states implement Real ID. The funds will be made available during the 2007 grant cycle.

The public and other interested parties have 60 days from March 1 to submit comments about the proposed regulations. After the two-month period closes, DHS will review the comments and submit the final rules for compliance.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest news, views and analysis of technologys impact on government and politics.